Sr Analyst, IT Security Program Architecture POST NUMBER: 449742
Job Summary
Security Program Architect to lead the integration of cybersecurity governance, risk, and compliance (GRC) with secure architecture and technical design across the organization. This role serves as a strategic bridge between policy and implementation—designing security programs that are both compliant and technically sound.
The ideal candidate has experience in cybersecurity frameworks, regulatory standards, secure architecture principles, and cross-functional program execution. We’re looking for a delivery focused problem solver who stays current on cybersecurity trends and thrives on designing and implementing practical, business-aligned solutions.
Responsibilities
Program Leadership & Integration
- Play an active role in developing enterprise cybersecurity vision, roadmap, and execution plan
- Serve as a strategic liaison between cybersecurity, IT, and business units to align security initiatives with organizational goals
- Lead or contribute to the development of enterprise-wide security programs (e.g., Zero Trust, Data Protection, Secure by Design)
- Drive cross-functional collaboration to ensure consistent implementation of security controls across infrastructure, applications, and operations
- Support the Head of Cybersecurity in providing subject matter expertise to executive leadership on security posture, architectural gaps, and program maturity
- Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, Request for Proposal/Offers (RFP/RFO’s), project plans, communications, and presentations to support the overall delivery of IT cybersecurity objectives.
- Develop and manage enterprise cybersecurity policies, standards, and procedures aligned to frameworks such as NIST CSF, NIST 800-53, ISO 27001, and CIS
- Lead cyber risk assessments and translate risk insights into actionable program requirements and security controls
- Oversee compliance initiatives (e.g., SOX, HIPAA, GDPR, CCPA, etc.) and collaborate with Legal, Audit, and Privacy teams
- Design and manage security awareness programs to drive organizational engagement and improve security culture
- Lead vendor risk management activities, including third-party risk assessments, contract reviews, and ongoing monitoring of security posture
- Define and track security KPIs, metrics, and maturity models to support continuous improvement
- Establish security governance processes to support secure design reviews, exception handling, and third-party risk management
- Support the Head of Security in reviewing the current technology stack to assess its effectiveness in mitigating today’s threat landscape and identify opportunities for improvement
- Monitor current cybersecurity threats and industry trends while proactively shaping a long-term security roadmap aligned with emerging risks, technologies, and business objectives
- Partner with enterprise architects, infrastructure, and application teams to design secure systems and services
- Develop and maintain security reference architectures, patterns, and technical standards for key environments (cloud, on-prem, hybrid)
- Embed security requirements into system development lifecycles (SDLC), DevSecOps practices, and cloud-native design
- Conduct technical risk assessments, threat modeling, and architecture reviews for critical projects
- Recommend security technologies and controls to mitigate identified risks and support business objectives
Relevant certifications such as CISSP, CISM, SABSA, TOGAF, or AWS/GCP/Azure Security are a plus
Qualifications/Requirements
- Bachelor’s degree in Computer Science, Information Security, or other technical fields
- Minimum 10 years’ experience in a combination of cybersecurity and IT governance, with demonstrated expertise in both GRC and technical architecture roles
- 2 years of experience working in a Big 4 consulting firm (Deloitte, PwC, EY, or KPMG), with exposure to cybersecurity advisory, risk management, or compliance services is preferred
- Strong knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and technical domains (e.g., network, cloud, identity, data protection)
- Experience with secure SDLC, DevSecOps integration, and infrastructure/cloud security design
- Experience with project management tools like Azure DevOps, Jira, etc.
- Experience with Microsoft 365 E5 Security suite and PowerBI reporting
- Support cybersecurity projects and operations and be available during nights or weekends as needed
- Strong project management experience, including developing plans, roadmaps and milestones
- Master’s degree in Computer Science, Information Security, or other technical fields
- Experience implementing and/or supporting vendor risk management platforms, enterprise GRC platforms, Security Orchestration, Automation and Response (SOAR) platforms or SAST/DAST platforms
- Experience with compliance automation and continuous controls monitoring
- Experience securing SAP S/4 ecosystem
- Experience working within the Oil/Gas industry
- Excellent communication and collaboration skills, with the ability to influence and engage both technical and business stakeholders
Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.
EEO Notice
Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.
Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com .
Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal.
By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.
Privacy Notice
Vaco by Highspring and its parents, affiliates, and subsidiaries (“we,” “our,” or “Vaco by Highspring”) respects your privacy and are committed to providing transparent notice of our policies.
- California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
- Virginia residents may access our state specific policies here.
- Residents of all other states may access our policies here.
- Canadian residents may access our policies in English here and in French here.
- Residents of countries governed by GDPR may access our policies here.
Pay Transparency Notice
Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:
- the individual’s skill sets, experience and training;
- licensure and certification requirements;
- office location and other geographic considerations;
- other business and organizational needs.
With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.